authortv <tv@krebsco.de>2021-06-10 21:42:06 +0200
committertv <tv@krebsco.de>2021-06-10 21:42:06 +0200
commit0e6e8b7188b4a2aab7ca467cb20514a70ba09011 (patch)
treecfa9ab8a1a83e0dd139255cf7f7b29bf9a37fdf6 /lass/2configs
parent44c4cb6a453f5bc34c870caa6802548c099e9435 (diff)
parent04a081a3be600cc5e74aadd4f0fee899d6987a85 (diff)
Merge remote-tracking branch 'prism/master'
Diffstat (limited to 'lass/2configs')
-rw-r--r--lass/2configs/bitcoin.nix27
-rw-r--r--lass/2configs/ciko.nix1
-rw-r--r--lass/2configs/default.nix5
-rw-r--r--lass/2configs/elster.nix1
-rw-r--r--lass/2configs/games.nix1
-rw-r--r--lass/2configs/gg23.nix2
-rw-r--r--lass/2configs/htop.nix1
-rw-r--r--lass/2configs/pass.nix2
-rw-r--r--lass/2configs/power-action.nix9
-rw-r--r--lass/2configs/radio.nix35
-rw-r--r--lass/2configs/review.nix14
-rw-r--r--lass/2configs/websites/domsen.nix45
-rw-r--r--lass/2configs/websites/lassulus.nix1
-rw-r--r--lass/2configs/wine.nix3
-rw-r--r--lass/2configs/xonsh.nix7
15 files changed, 125 insertions, 29 deletions
diff --git a/lass/2configs/bitcoin.nix b/lass/2configs/bitcoin.nix
index 9f6fd3bf0..9aa97a8ce 100644
--- a/lass/2configs/bitcoin.nix
+++ b/lass/2configs/bitcoin.nix
@@ -4,12 +4,6 @@ let
mainUser = config.users.extraUsers.mainUser;
in {
- krebs.per-user.bch.packages = [
- pkgs.electron-cash
- ];
- krebs.per-user.bitcoin.packages = [
- pkgs.electrum
- ];
users.extraUsers = {
bch = {
name = "bch";
@@ -17,6 +11,8 @@ in {
home = "/home/bch";
useDefaultShell = true;
createHome = true;
+ packages = [ pkgs.electron-cash ];
+ isNormalUser = true;
};
bitcoin = {
name = "bitcoin";
@@ -24,10 +20,25 @@ in {
home = "/home/bitcoin";
useDefaultShell = true;
createHome = true;
+ packages = [ pkgs.electrum ];
+ isNormalUser = true;
+ };
+ monero = {
+ name = "monero";
+ description = "user for monero stuff";
+ home = "/home/monero";
+ useDefaultShell = true;
+ createHome = true;
+ packages = [
+ pkgs.monero
+ pkgs.monero-gui
+ ];
+ isNormalUser = true;
};
};
security.sudo.extraConfig = ''
- ${mainUser.name} ALL=(bitcoin) NOPASSWD: ALL
- ${mainUser.name} ALL=(bch) NOPASSWD: ALL
+ ${mainUser.name} ALL=(bch) ALL
+ ${mainUser.name} ALL=(bitcoin) ALL
+ ${mainUser.name} ALL=(monero) ALL
'';
}
diff --git a/lass/2configs/ciko.nix b/lass/2configs/ciko.nix
index 3d87fb620..f32f062ff 100644
--- a/lass/2configs/ciko.nix
+++ b/lass/2configs/ciko.nix
@@ -10,6 +10,7 @@ with import <stockholm/lib>;
openssh.authorizedKeys.keys = [
"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTUWm/fISw/gbuHvf3kwxGEuk1aY5HrNNvr8QXCQv0khDdaYmZSELbtFQtE04WGTWmackNcLpld5mETVyCM0BjOgqMJYQNhtywxfYcodEY5xxHCuGgA3S1t94MZub+DRodXCfB0yUV85Wbb0sltkMTJufMwYmLEGxSLRukxAOcNsXdjlyro96csmYrIiV6R7+REnz8OcR7sKlI4tvKA1mbvWmjbDBd1MZ8Jc0Lwf+b0H/rH69wEQIcB5HRHHJIChoAk0t2azSjXagk1+4AebONZTCKvTHxs/D2wUBIzoxyjmh5S0aso/cKw8qpKcl/A2mZiIvW3KMlJAM5U+RQKMrr"
];
+ isNormalUser = true;
};
system.activationScripts.user-shadow = ''
diff --git a/lass/2configs/default.nix b/lass/2configs/default.nix
index 7b6f01148..193f4bef1 100644
--- a/lass/2configs/default.nix
+++ b/lass/2configs/default.nix
@@ -32,6 +32,7 @@ with import <stockholm/lib>;
group = "users";
createHome = true;
useDefaultShell = true;
+ isNormalUser = true;
extraGroups = [
"audio"
"fuse"
@@ -88,9 +89,7 @@ with import <stockholm/lib>;
services.timesyncd.enable = mkForce true;
- systemd.tmpfiles.rules = [
- "d /tmp 1777 root root - -"
- ];
+ boot.tmpOnTmpfs = true;
# multiple-definition-problem when defining environment.variables.EDITOR
environment.extraInit = ''
diff --git a/lass/2configs/elster.nix b/lass/2configs/elster.nix
index e3a88c789..5d68def35 100644
--- a/lass/2configs/elster.nix
+++ b/lass/2configs/elster.nix
@@ -12,6 +12,7 @@ in {
useDefaultShell = true;
extraGroups = [];
createHome = true;
+ isNormalUser = true;
};
};
krebs.per-user.elster.packages = [
diff --git a/lass/2configs/games.nix b/lass/2configs/games.nix
index 67f250ef3..829773b87 100644
--- a/lass/2configs/games.nix
+++ b/lass/2configs/games.nix
@@ -78,6 +78,7 @@ in {
# vdoomserver
retroarchBare
];
+ isNormalUser = true;
};
};
diff --git a/lass/2configs/gg23.nix b/lass/2configs/gg23.nix
index 3d4c1e306..89ccae408 100644
--- a/lass/2configs/gg23.nix
+++ b/lass/2configs/gg23.nix
@@ -8,6 +8,8 @@ with import <stockholm/lib>;
prefixLength = 24;
}];
+ networking.domain = "gg23";
+
services.dhcpd4 = {
enable = true;
interfaces = [ "int0" ];
diff --git a/lass/2configs/htop.nix b/lass/2configs/htop.nix
index d9307347e..629d74235 100644
--- a/lass/2configs/htop.nix
+++ b/lass/2configs/htop.nix
@@ -3,7 +3,6 @@
with import <stockholm/lib>;
{
- security.hideProcessInformation = true;
nixpkgs.config.packageOverrides = super: {
htop = pkgs.symlinkJoin {
name = "htop";
diff --git a/lass/2configs/pass.nix b/lass/2configs/pass.nix
index 6b2a0142a..48070ea06 100644
--- a/lass/2configs/pass.nix
+++ b/lass/2configs/pass.nix
@@ -1,7 +1,7 @@
{ config, pkgs, ... }:
{
- users.users.lass.packages = with pkgs; [
+ users.users.mainUser.packages = with pkgs; [
(pass.withExtensions (ext: [ ext.pass-otp ]))
gnupg
];
diff --git a/lass/2configs/power-action.nix b/lass/2configs/power-action.nix
index c7bdb525d..648ffc784 100644
--- a/lass/2configs/power-action.nix
+++ b/lass/2configs/power-action.nix
@@ -32,9 +32,12 @@ in {
user = "lass";
};
- users.users.power-action.extraGroups = [
- "audio"
- ];
+ users.users.power-action = {
+ isNormalUser = true;
+ extraGroups = [
+ "audio"
+ ];
+ };
security.sudo.extraConfig = ''
${config.krebs.power-action.user} ALL= (root) NOPASSWD: ${suspend}
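Review bot: `isNormalUser = true` in the new `users.users.power-action` block makes it a login-style account (home directory, default shell, `users` group), which is more than an account that only needs `audio` appears to require. If it exists only to run the power-action service, `isSystemUser = true;` would satisfy the same NixOS requirement with less privilege, as lassulus.nix does in this commit. That role is an inference, because the service definition is outside the hunk and `user = "lass"` is set just above. The surrounding attribute set starts and ends outside the hunk.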
diff --git a/lass/2configs/radio.nix b/lass/2configs/radio.nix
index cfc280e50..a474b0ebc 100644
--- a/lass/2configs/radio.nix
+++ b/lass/2configs/radio.nix
@@ -4,7 +4,6 @@ with import <stockholm/lib>;
let
name = "radio";
- mainUser = config.users.extraUsers.mainUser;
music_dir = "/home/radio/music";
@@ -84,6 +83,17 @@ let
}'
'';
+ set_irc_topic = pkgs.writeDash "set_irc_topic" ''
+ ${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \
+ -H content-type:application/json \
+ -d "$(${pkgs.jq}/bin/jq -n \
+ --arg text "$1" '{
+ command:"TOPIC",
+ params:["#the_playlist",$text]
+ }'
+ )"
+ '';
+
write_to_irc = pkgs.writeDash "write_to_irc" ''
${pkgs.curl}/bin/curl -fsSv --unix-socket /home/radio/reaktor.sock http://z/ \
-H content-type:application/json \
@@ -128,11 +138,25 @@ in {
services.mpd = {
enable = true;
- group = "radio";
+ user = "radio";
musicDirectory = "${music_dir}";
+ dataDir = "/home/radio/state"; # TODO create this somwhere
extraConfig = ''
log_level "default"
auto_update "yes"
+ volume_normalization "yes"
+
+ audio_output {
+ type "httpd"
+ name "lassulus radio mp3"
+ encoder "lame" # optional
+ port "8002"
+ quality "5.0" # do not define if bitrate is defined
+ # bitrate "128" # do not define if quality is defined
+ format "44100:16:2"
+ always_on "yes" # prevent MPD from disconnecting all listeners when playback is stopped.
+ tags "yes" # httpd supports sending tags to listening streams.
+ }
audio_output {
type "httpd"
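Review bot: `dataDir = "/home/radio/state"` is added with a TODO saying the directory is not created anywhere, so startup depends on the mpd module or a manual step creating it with the right owner. Because `user = "radio"` replaces `group = "radio"` in the same hunk, the state directory should end up owned by `radio` and not writable by anyone else. A declarative rule such as `systemd.tmpfiles.rules = [ "d /home/radio/state 0700 radio radio - -" ];` would settle both points and let the TODO go. The `extraConfig` string continues past the end of the hunk.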
@@ -152,6 +176,7 @@ in {
tables = {
filter.INPUT.rules = [
{ predicate = "-p tcp --dport 8000"; target = "ACCEPT"; }
+ { predicate = "-p tcp --dport 8002"; target = "ACCEPT"; }
{ predicate = "-i retiolum -p tcp --dport 8001"; target = "ACCEPT"; }
];
};
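Review bot: The new INPUT rule accepts tcp/8002 on every interface, while the 8001 rule next to it is limited to `-i retiolum`. The httpd `audio_output` added for this port in the previous hunk sets no `max_clients`, so as far as these hunks show the number of concurrent stream connections is unbounded. If the stream is meant to be public, add a limit in that block, e.g. `max_clients "50"` (constructed value). If it is not, scope the rule as `{ predicate = "-i retiolum -p tcp --dport 8002"; target = "ACCEPT"; }`.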
@@ -200,10 +225,10 @@ in {
${pkgs.mpc_cli}/bin/mpc idle player > /dev/null
${pkgs.mpc_cli}/bin/mpc current -f %file%
done | while read track; do
- listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | wc -l)
+ listeners=$(${pkgs.iproute}/bin/ss -Hno state established 'sport = :8000' | grep '^mptcp' | wc -l)
echo "$(date -Is)" "$track" | tee -a "$HISTORY_FILE"
echo "$(tail -$LIMIT "$HISTORY_FILE")" > "$HISTORY_FILE"
- ${write_to_irc} "playing: $track listeners: $listeners"
+ ${set_irc_topic} "playing: $track listeners: $listeners"
done
'';
in {
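Review bot: `listeners` still counts only sockets with `sport = :8000`, so clients of the stream this commit adds on port 8002 never show up in the topic. The added `grep '^mptcp'` keeps only lines whose first column is `mptcp`; if listeners connect over plain TCP the count would be 0, so a comment saying why that filter is wanted would help. Covering both ports would be `ss -Hno state established '( sport = :8000 or sport = :8002 )'`, and `grep -c` can replace `grep … | wc -l`. The surrounding script begins outside the hunk.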
@@ -349,7 +374,7 @@ in {
};
services.syncthing.declarative.folders."the_playlist" = {
path = "/home/radio/music/the_playlist";
- devices = [ "mors" "phone" "prism" "xerxes" ];
+ devices = [ "mors" "phone" "prism" ];
};
krebs.permown."/home/radio/music/the_playlist" = {
owner = "radio";
diff --git a/lass/2configs/review.nix b/lass/2configs/review.nix
new file mode 100644
index 000000000..658f32084
--- /dev/null
+++ b/lass/2configs/review.nix
@@ -0,0 +1,14 @@
+{ config, pkgs, ... }:
+
+let
+ mainUser = config.users.extraUsers.mainUser;
+in {
+
+ users.users.review = {
+ isNormalUser = true;
+ packages = [ pkgs.nixpkgs-review ];
+ };
+ security.sudo.extraConfig = ''
+ ${mainUser.name} ALL=(review) NOPASSWD: ALL
+ '';
+}
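Review bot: `${mainUser.name} ALL=(review) NOPASSWD: ALL` goes the opposite way from bitcoin.nix, where this same commit drops `NOPASSWD` from the `bch` and `bitcoin` rules. If passwordless switching is deliberate because `review` is a low-trust account for nixpkgs-review builds, say so above the rule, e.g. `# review holds no secrets; passwordless switch from mainUser is intentional`. The separation is only useful if `review` cannot read the main user's home directory, which depends on permissions not visible in this file. The file also has no header comment stating what the account is for.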
diff --git a/lass/2configs/websites/domsen.nix b/lass/2configs/websites/domsen.nix
index c43c8c902..e603f49da 100644
--- a/lass/2configs/websites/domsen.nix
+++ b/lass/2configs/websites/domsen.nix
@@ -170,6 +170,7 @@ in {
home = "/home/UBIK-SFTP";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.xanf = {
@@ -178,6 +179,7 @@ in {
home = "/home/xanf";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.domsen = {
@@ -185,8 +187,9 @@ in {
description = "maintenance acc for domsen";
home = "/home/domsen";
useDefaultShell = true;
- extraGroups = [ "nginx" "download" ];
+ extraGroups = [ "syncthing" "download" "xanf" ];
createHome = true;
+ isNormalUser = true;
};
users.users.bruno = {
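Review bot: The new `extraGroups` line puts the `domsen` maintenance account into `syncthing` and `xanf`, and nothing in the hunk says which paths that is meant to unlock. Membership in `syncthing` gives the account whatever the service's group can read or write, which may include synced folders and the service's state depending on file modes not shown here. A comment naming the directory, e.g. `# syncthing: needs write access to <shared folder>`, would let a later reader check that the grant is still needed. A dedicated group on just that folder would be narrower. The `users.users.domsen` block begins outside the hunk.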
@@ -194,6 +197,7 @@ in {
home = "/home/bruno";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.jla-trading = {
@@ -201,6 +205,7 @@ in {
home = "/home/jla-trading";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.jms = {
@@ -208,6 +213,7 @@ in {
home = "/home/jms";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.ms = {
@@ -215,6 +221,7 @@ in {
home = "/home/ms";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.testuser = {
@@ -222,20 +229,23 @@ in {
home = "/home/testuser";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
- users.users.akayguen = {
- uid = genid_uint31 "akayguen";
- home = "/home/akayguen";
- useDefaultShell = true;
- createHome = true;
- };
+ #users.users.akayguen = {
+ # uid = genid_uint31 "akayguen";
+ # home = "/home/akayguen";
+ # useDefaultShell = true;
+ # createHome = true;
+ # isNormalUser = true;
+ #};
users.users.bui = {
uid = genid_uint31 "bui";
home = "/home/bui";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.klabusterbeere = {
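Review bot: The `akayguen` block is commented out rather than deleted, with no note on why or whether it is expected to return. As far as I know, dropping the declaration does not remove `/home/akayguen`, so the data would stay on disk; and because the uid is derived from `genid_uint31 "akayguen"`, re-enabling the block would hand the same uid those files again. Either delete the block and clean up the home directory as a separate step, or add a line such as `# disabled <date>: <reason>` above it.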
@@ -243,6 +253,7 @@ in {
home = "/home/klabusterbeere";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.kasia = {
@@ -250,6 +261,7 @@ in {
home = "/home/kasia";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
};
users.users.XANF_TEAM = {
@@ -258,6 +270,25 @@ in {
home = "/home/XANF_TEAM";
useDefaultShell = true;
createHome = true;
+ isNormalUser = true;
+ };
+
+ users.users.dif = {
+ uid = genid_uint31 "dif";
+ home = "/home/dif";
+ useDefaultShell = true;
+ extraGroups = [ "xanf" ];
+ createHome = true;
+ isNormalUser = true;
+ };
+
+ users.users.lavafilms = {
+ uid = genid_uint31 "lavafilms";
+ home = "/home/lavafilms";
+ useDefaultShell = true;
+ extraGroups = [ "xanf" ];
+ createHome = true;
+ isNormalUser = true;
};
users.groups.xanf = {};
diff --git a/lass/2configs/websites/lassulus.nix b/lass/2configs/websites/lassulus.nix
index 17df71310..bb983b78e 100644
--- a/lass/2configs/websites/lassulus.nix
+++ b/lass/2configs/websites/lassulus.nix
@@ -97,6 +97,7 @@ in {
home = "/srv/http/lassul.us";
useDefaultShell = true;
createHome = true;
+ isSystemUser = true;
openssh.authorizedKeys.keys = with config.krebs.users; [
lass.pubkey
lass-mors.pubkey
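Review bot: This account gets `isSystemUser = true` although it has `useDefaultShell = true` and `openssh.authorizedKeys.keys`, so it is reachable over SSH with a login shell. It is the only account in this commit classified this way. If `uid` is not pinned in the part of the block outside the hunk, the account would be allocated from the system uid range, which could change ownership of files under `/srv/http/lassul.us`. A short comment such as `# system user: owns the web root, SSH used for deploys only` (wording to be confirmed by the author), plus a check that `uid` and `group` are set explicitly, would make the intent reviewable. The block starts and ends outside the hunk.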
diff --git a/lass/2configs/wine.nix b/lass/2configs/wine.nix
index 5cb019c13..5476624c9 100644
--- a/lass/2configs/wine.nix
+++ b/lass/2configs/wine.nix
@@ -14,8 +14,9 @@ in {
];
createHome = true;
packages = [
- pkgs.wineMinimal
+ pkgs.wineWowPackages.stable
];
+ isNormalUser = true;
};
};
security.sudo.extraConfig = ''
diff --git a/lass/2configs/xonsh.nix b/lass/2configs/xonsh.nix
new file mode 100644
index 000000000..23ed28847
--- /dev/null
+++ b/lass/2configs/xonsh.nix
@@ -0,0 +1,7 @@
+{ config, lib, pkgs, ... }:
+{
+ environment.systemPackages = [
+ pkgs.xonsh
+ pkgs.xonsh2
+ ];
+}